Coralogix supports the SCIM specification (System for Cross-domain Identity Management), an open standard that allows you to automate User and Group provisioning using a REST API.
SCIM lets you create users and groups in Coralogix and give them the proper level of access, as well as to remove access for users (de-provisioning) should they leave your organization or no longer need access to Coralogix.
SCIM Server Authentication: To ensure that accounts can’t be created by unauthorized users, Coralogix uses a Bearer Token authentication.
Integrating Okta with Coralogix
Supported Features
Create Users: New or existing users in Okta will be pushed to Coralogix as new users.
Update User Attributes: Updates to user profiles in Okta (firstname, lastname, username) will be updated in Coralogix.
Deactivate Users: Users deactivated in Okta will be deactivated in Coralogix. They won’t be able to log in using their team in Coralogix. If a user is reactivated, they will regain access to Coralogix and keep all previously specified access controls.
Sync Okta Groups to Coralogix: An Okta group can be synced to Coralogix with all it users, moving a user between groups in Okta that are configured in Coralogix will move the user to another team.
Step 1: Create a new SAML 2.0 app integration in Okta
In Okta under Applications section press on Create App Integration and choose SAML 2.0
In General Settings App name will be used by Okta to display the name of the application to users, it can be anything.
In the next stage you will need to fill information the exists in Coralogix under Settings → Configure SAML.
Single sign on URL → Assertion Consumer Service URL
Audience URI (SP Entity ID) → Service Provider Entity ID/Audience
Default RelayState → <Name of your Coralogix team>
Name ID Format should be set to EmailAddress
Once done, press Next and then Finish in the last stage
After clicking Finish, scroll down to SAML Signing Certificate press on actions and in the dropdown choose View IdP metadata, copy the metadata into a text file and save it as .xml
Going back to the Coralogix SAML the configuration the file you just created must be uploaded by clicking on “Choose file” and picked from where it was saved.
Step 2: Enable SCIM 2.0 integration in Okta
After successfully uploading the configuration file a token can be generated by clicking on Generate Provisioning Token at the bottom of the page.
Go back to Okta and enable SCIM integration on the General tab, once enabled, the page will refresh with a new tab – Provisioning.
Go to newly added Provisioning tab and click Edit to configure SCIM integration:
Use one of the following values for SCIM connector base URL according to the Domain in which your Coralogix team is in:
Region
Tenant URL
US1
https://ng-api-http.coralogix.us/scim
EU1
https://ng-api-http.coralogix.com/scim
EU2
https://ng-api-http.eu2.coralogix.com/scim
AP1 (IN)
https://ng-api-http.app.coralogix.in/scim
AP2 (SG)
https://ng-api-http.coralogixsg.com/scim
Select Supported provisioning actions as displayed on the screenshot below In Authentication Mode select HTTP Header and paste the Provisioning Token that was generated in Coralogix under HTTP Header – Authorization
Connection is completed.
Step 3: Assign Users or Groups to the Coralogix in Okta
In order to sync a group to Coralogix you will need to add the group under Assignments tab by clicking Assign to Group.
After assigning a group to the app, the group should be pushed to Coralogix by going to “Push Groups” tab and searching the group, after successfully pushing the group it will appear with green color as active
Checking the Groups in Coralogix, the new group (SCIM Test) should be visible in the list together with the existing groups.
Roles & Scope
Roles and Scope should be edited in Coralogix side under Groups per the relevant Okta group. Sync using Okta cannot be supported as a custom attributes on groups sync via Push process is not implemented on Okta’s side.
For more information on how to assign Roles and Scope – look here.
Integrating OneLogin with Coralogix
Supported Features
Create Users: New or existing users in OneLogin will be pushed to Coralogix as new users.
Update User Attributes: Updates to user profiles in OneLogin (firstname, lastname, username) will be updated in Coralogix.
Deactivate Users: Users deactivated in OneLogin will be deactivated in Coralogix. They won’t be able to log in using their team in Coralogix. If a user is reactivated, they will regain access to Coralogix and keep all previously specified access controls.
Log in Coralogix Dashboard (must be an Admin user).
Go to Settings->Configure SAML.
Click Advanced
Click Generate Token.
You can use copy to clipboard button to copy the token
Step 2: Enable SCIM API integration in OneLogin
Log in to OneLogin and add the Coralogix application
From the application, click on the ‘Provisioning’ tab and then click ‘Enable Provisioning’ and then click ‘Save’
From the application, click on the ‘Configuration’ tab and paste the API token you created earlier in Coralogix. As SCIM Base URL use one of the following depends on your team URL:
Team URL
SCIM Base URL
team_name.coralogix.com
https://webapi.coralogix.com/scim
team_name.app.coralogix.in
https://webapi.app.coralogix.in/scim
team_name.coralogix.us
https://webapi.coralogix.us/scim
Click ‘Save’
Step 3: Assign users to the Coralogix application in OneLogin
Go to the ‘Applications’ tab in the user profile screen and then click on the “+” button
Choose the Coralogix application and click ‘Continue’
Click ‘Save’
Click ‘Pending’
Click ‘Approve’
Note: The status of ‘provisioned’ means the user was created in Coralogix
Repeat the above steps for each user that you want to add to Coralogix
Troubleshooting
In case your SCIM app is breaking with clicking on the test API button while it returns Null error, please do the following:
Open the application general tab.
Click the Edit button.
Select “Europe (https://api.coralogix.com/)” from the dropdown list.
Click the Save button.
Try to reauthenticate SCIM.
Integrating Azure Active Directory with Coralogix
This integration will push Azure Active Directory Users and Groups to Coralogix every 40 minutes. A Coralogix admin user needs to assign roles to the Groups on the Coralogix UI. Or assign roles to a Group using the integration.
Supported features:
Create Groups (supported attributes are: displayName, objectId, members)